D.9.3 LDAP Attributes and Property Names (Sun Java System Calendar Server 6.3 Administration Guide)

Sun Java System Calendar Server 6.3 Administration Guide

D.9.3 LDAP Attributes and Property Names

The following tables describe the LDAP attributes and property names that apply to the csdomain utility. These attributes are part of the icsCalendarDomain object class. When you add or delete a value, you must use the property name and not the attribute name.

If you add or update domain LDAP attributes using csdomain, restart Calendar Server for the new values to take effect.

D.9.3.1 `icsAllowRights` Attribute: `csdomain` Utility

D.9.3 LDAP Attributes and Property Names describes the icsAllowRights attribute and properties that you can set with the csdomain utility. This attribute is a 32-bit numeric string, with each bit in the string corresponding to a specific user right. (In the current release, some bits are not used and are set to zero by default.) If a bit corresponding to a specific right is set (value=1), the right is not allowed. If the bit is not set (value=0), the right is allowed.

Each property in the icsAllowRights attribute has a corresponding ics.conf parameter. If a property is not set (value = 0) or is not present (service.virtualdomain.support = “no”), Calendar Server uses the corresponding ics.conf parameter as the default value.

The value for icsAllowRights is a numeric string and not an integer. To use icsAllowRights programmatically in bitwise operations, you must first convert its string value to an integer.

Table D–15 icsAllowRights LDAP Directory Attribute and Properties


Bit	Property Name	Description
0	`allowCalendarCreation`	If set (bit 0=1), do not allow calendars to be created. Corresponding `ics.conf` parameter: `service.wcap.allowcreatecalendars`
1	`allowCalendarDeletion`	If set (bit 1=1), do not allow calendars to be deleted. Corresponding `ics.conf` parameter: `service.wcap.allowdeletecalendars`
2	`allowPublicWritableCalendars`	If set (bit 2=1), do not allow public writable calendars. Corresponding `ics.conf` parameter: `service.wcap.allowpublicwriteablecalendars`
3		Not used in the current release.
4	`allowModifyUserPreferences`	If set (bit 4=1), do not allow domain administrators to get or set user preferences using WCAP commands. Corresponding `ics.conf` parameter: `service.admin.calmaster.wcap.allowgetmodifyuserprefs`
5	`allowModifyPassword`	If set (bit 5=1), do not allow user to change password via this server. Corresponding `ics.conf` parameter: `service.wcap.allowchangepassword`
6		Not used in the current release.
7		Not used in the current release.
8	`allowUserDoubleBook`	If set (bit 8=1), do not allow double booking for user’s calendars. Corresponding `ics.conf` parameter: `user.allow.doublebook`
9	`allowResourceDoubleBook`	If set (bit 9=1), do not allow double booking for resource calendars. Corresponding `ics.conf` parameter: `resource.allow.doublebook`
10	`allowSetCn`	If set (bit 10=1), do not allow user to set the common name (cn) attribute using the WCAP `set_userprefs` command. Corresponding `ics.conf` parameter: `service.wcap.allowsetprefs.cn`
11	`allowSetGivenName`	If set (bit 11=1), do not allow user to set the `givenName` attribute using the WCAP `set_userprefs` command. Corresponding `ics.conf` parameter: `service.wcap.allowsetprefs.givenname`
12	`allowSetGivenMail`	If set (bit 12=1), do not allow user to set the mail attribute using the WCAP `set_userprefs` command. Corresponding `ics.conf` parameter: `service.wcap.allowsetprefs.mail`
13	`allowSetPrefLang`	If set (bit 13=1), do not allow user to set the `preferredLanguage` attribute using the WCAP `set_userprefs` command. Corresponding `ics.conf` parameter: `service.wcap.allowsetprefs.preferredlanguage`
14	`allowSetSn`	If set (bit 14=1), do not allow user to set the surname (`sn`) attribute using the WCAP `set_userprefs` command. Corresponding `ics.conf` parameter: `service.wcap.allowsetprefs.sn`
15–31		Not used in the current release.

D.9.3.2 `icsExtendedDomainPrefs` Attribute: `csdomain` Utility

The following table describes the icsExtendedDomainPrefs attribute and properties that you can set with the csdomain utility. Each property has a corresponding ics.conf parameter. If a property is not set ( for example, value = 0, or service.virtualdomain.support=“no”), or is not present, Calendar Server uses the corresponding ics.conf parameter as the default value.

Table D–16 icsExtendedDomainPrefs LDAP Directory Attribute


Property Name	Description
`allowProxyLogin`	Specifies `"yes"` or `"no"` whether to allow proxy logins. Corresponding `ics.conf` parameter: `service.http.allowadminproxy` (default = `"yes"`)
`calmasterAccessOverride`	Specifies `"yes"` or `"no"` whether the Calendar Server administrator can override access control. Corresponding `ics.conf` parameter: `service.admin.calmaster.overrides.accesscontrol` (default = `"no"`)
`calmasterCred`	Specifies an ASCII string that is the password of the user ID specified as the Calendar Server domain administrator. Corresponding `ics.conf` parameter: `service.siteadmin.cred` (no default)
`calmasterUid`	Specifies an ASCII string that is the user ID of the person designated as the Calendar Server domain administrator. Corresponding `ics.conf` parameter: `service.siteadmin.userid` (no default)
`createLowercase`	Specifies "yes" or "no" whether Calendar Server should convert a calendar ID (calid) to lowercase when creating a new calendar or when searching for a calendar Corresponding `ics.conf` parameter: `calstore.calendar.create.lowercase` (default = "no")
`domainAccess`	Specifies an access control list (ACL) for the domain. For information about ACLs, see 1.8.3 Access Control Lists (ACLs) in Calendar Server Version 6.3. This ACL is used for cross domain searches. For more information, see 11.2 Cross Domain Searching in Calendar Server 6.3 Systems. Caution – Only a single instance of `domainAccess` is allowed. However, the system does not warn you if there is a duplicate. You must ensure there is only one, whenever you change the value.
`fbIncludeDefCal`	Specifies "yes" or "no" whether a user’s default calendar is included in user’s free/busy calendar list. Corresponding `ics.conf` parameter: `calstore.freebusy.include.defaultcalendar` (default = "yes")
`filterPrivateEvents`	Specifies "yes" or "no" whether Calendar Server filters (recognizes) Private and Time and Date Only (confidential) events and tasks. If "no", Calendar Server treats them the same as Public events and tasks. Corresponding `ics.conf` parameter: `calstore.filterprivateevents` (default = "yes")
`groupMaxSize`	Specifies the maximum size of an LDAP group that will be expanded for an invitation. Corresponding `ics.conf` parameter: `calstore.group.attendee.maxsize` (default is "0" – expand the group without regard to size)
`language`	Specifies the language for a domain. Corresponding `ics.conf` parameter: `local.domain.language`
`resourceDefaultAcl`	Specifies an access control list (ACL) that is the default access control permissions used when a resource calendar is created. Corresponding `ics.conf` parameter: `resource.default.acl` (default is "@@o^a^r^g;@@o^c^wdeic^g; @^a^rsf^g"
`setPublicRead`	Specifies whether user default calendars are initially set to public read/private write ("yes") or private read/private write ("no"). Corresponding `ics.conf` parameter: `service.wcap.login.calendar.publicread` (default = "no")
`searchFilter`	Specifies a search filter for finding a user. Corresponding `ics.conf` parameter: `local.userSearchFilter`
`ssoCookieDomain`	Specifies that the browser should send a cookie only to servers in the specified domain. The value must begin with a period (.). For example: ".sesta.com" Corresponding `ics.conf` parameter: `sso.cookiedomain` (default is the current domain)
`ssoUserDomain`	Specifies the domain used as part of the user’s SSO authentication. Corresponding `ics.conf` parameter: `sso.userdomain` (no default)
`subIncludeDefCal`	Specifies "yes" or "no" whether a user’s default calendar is included in the user’s subscribed calendar list. Corresponding `ics.conf` parameter: `calstore.subscribed.include.defaultcalendar` (default = "yes")
`uiAllowAnyone`	Specifies "yes" or "no" whether the user interface should show and use the "Everybody" access control list (ACL). Corresponding `ics.conf` parameter: `ui.allow.anyone` (default = "yes")
`uiAllowDomain`	Specifies "yes" or "no" whether the user interface should show and use the access control list (ACL) for this domain. Corresponding `ics.conf` parameter: `ui.allow.domain` (default = "no")
`uiBaseUrl`	Specifies a URL for the base server address. For example: `"https://proxyserver"`. Corresponding ics.conf parameter: `ui.base.url` (no default)
`uiConfigFile`	Specifies an optional `xml` based configuration file that Calendar Server can read at startup that allows parts of the user interface to be hidden. Corresponding `ics.conf` parameter: `ui.config.file` (no default)
`uiProxyURL`	Specifies a URL for the proxy server address to prepend in an HTML UI JavaScript file. For example: `"https://web_portal.sesta.com/"` Corresponding `ics.conf` parameter: `ui.proxyaddress.url` (no default)

D.9.3.3 Other LDAP Directory Attributes: `csdomain` Utility

The following table describes other LDAP attributes and properties that you can set with the csdomain utility.

Table D–17 Other LDAP Directory Attributes for the csdomain Utility


LDAP Attribute	Property Name	Description
`icsAllowedServiceAccess`	`allowedAccessProtocols`	Specifies whether access to Calendar Server is allowed. If set to “http”, access is denied. If set to any other value, access is allowed. Calendar Server uses this attribute only if the `icsStatus` attribute is not set.
`icsDefaultAccess`	`userDefaultAcl`	Specifies the ACL for a newly created user calendar. Corresponding `ics.conf` parameter: `calstore.calendar.default.acl`
`icsDomainNames`	`searchDomainNames`	Specifies the external domains that this domain can search when looking for calendars or users. Corresponding `ics.conf` parameter: none
`icsDWPBackEndHosts`	(undefined)	Specifies the default back-end host (DNS name) for a user if a host name is not explicitly provided. This attribute is used when Calendar Server is in LDAP CLD mode.
`icsStatus`	`statusCalendarDomain`	Specifies that status of Calendar Server: active–Calendar Server is accessible. inactive–Calendar Server is inaccessible. Calendars remain in the database and Calendar Server LDAP attributes remain unchanged. deleted–Calendar Server is inaccessible, because the person is marked as deleted. removed–Calendars have been removed from the calendar database. If `icsStatus` is set, its value overrides the `icsAllowedServiceAccess` attribute. If `icsStatus` is not set, Calendar Server uses the `icsAllowedServiceAccess` attribute.
`icsTimezone`	`timezone`	Specifies the default time-zone ID. For example, America/New_York or Asia/Tokyo. For the supported time zones, refer to the `timezones.ics` file.